Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Drupal:Drupal CorecoreOpen SocialEnterprise MFA - TFA for DrupalAI (Artificial Intelligence)COOKiES Consent ManagementTwo-factor Authentication (TFA)One Time PasswordAuthenticator LoginOpenID Connect / OAuth clientFacetsData-moduleKlaro Cookie & Consent ManagementAccess codeQuick Node BlockSimple KlaroGoogle TagEmail TFACivicTheme Design SystemAcquia DAMDrupalPOST FileParagraphs tableTagifyDrupal CanvasLogin DisableNode Access Rebuild ProgressiveMonster MenusFile Entity (fieldable files)File Access Fix (deprecated)
CVE IDTitleCVSSSeverityPaused
CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 — Search API SolrCWE-352 8.8 -2025-04-23
CVE-2025-3904 Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045 — Sportsleague 9.4 -2025-04-23
CVE-2025-3903 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044 — UEditor - 百度编辑器 8.2 -2025-04-23
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043 — Block ClassCWE-79 6.1 -2025-04-23
CVE-2025-3901 Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042 — Bootstrap Site AlertCWE-79 6.1 -2025-04-23
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041 — ColorboxCWE-79 6.1 -2025-04-23
CVE-2025-3739 Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040 — Drupal 8 Google Optimize Hide Page 6.5AIMediumAI2025-04-16
CVE-2025-3738 Google Optimize - Critical - Unsupported - SA-CONTRIB-2025-039 — Google Optimize 8.2AIHighAI2025-04-16
CVE-2025-3737 Google Maps: Store Locator - Critical - Unsupported - SA-CONTRIB-2025-038 — Google Maps: Store Locator 8.2AIHighAI2025-04-16
CVE-2025-3736 Simple GTM - Critical - Unsupported - SA-CONTRIB-2025-037 — Simple GTM 9.4AICriticalAI2025-04-16
CVE-2025-3735 Panelizer (obsolete) - Critical - Unsupported - SA-CONTRIB-2025-036 — Panelizer (obsolete) 9.1AICriticalAI2025-04-16
CVE-2025-3734 Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035 — Stage File ProxyCWE-770 7.5AIHighAI2025-04-16
CVE-2025-3733 baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034 — baguetteBox.jsCWE-79 6.1AIMediumAI2025-04-16
CVE-2025-3474 Panels - Critical - Access bypass - SA-CONTRIB-2025-033 — PanelsCWE-306 9.1AICriticalAI2025-04-09
CVE-2025-3131 ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031 — ECA: Event - Condition - ActionCWE-352 8.8AIHighAI2025-04-09
CVE-2025-3475 WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030 — WEB-TCWE-770 7.5AIHighAI2025-04-09
CVE-2025-3130 Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029 — ObfuscateCWE-79 5.4 -2025-04-02
CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028 — Access codeCWE-307 9.8AICriticalAI2025-04-02
CVE-2025-3062 Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 — Drupal Admin LTE theme 9.1 -2025-03-31
CVE-2025-3061 Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006 — Material Admin 9.8 -2025-03-31
CVE-2025-3060 Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005 — Flattern – Multipurpose Bootstrap Business Profile 8.2 -2025-03-31
CVE-2025-3059 Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002 — Profile Private 8.2 -2025-03-31
CVE-2025-31697 Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026 — Formatter SuiteCWE-79 6.1 -2025-03-31
CVE-2025-31696 RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025 — RapiDoc OAS Field FormatterCWE-79 6.1 -2025-03-31
CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024 — Link field display mode formatterCWE-79 6.1 -2025-03-31
CVE-2025-31694 Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023 — Two-factor Authentication (TFA)CWE-288 9.4 -2025-03-31
CVE-2025-31693 AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022 — AI (Artificial Intelligence)CWE-78 8.8 -2025-03-31
CVE-2025-31692 AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021 — AI (Artificial Intelligence)CWE-78 8.8 -2025-03-31
CVE-2025-31691 OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020 — OAuth2 ServerCWE-862 7.5 -2025-03-31
CVE-2025-31690 Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019 — Cache UtilityCWE-352 8.8 -2025-03-31

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.